Page 293

8 Synthesis, Findings, and Recommendations

8.1 SYNTHESIS AND FINDINGS

In an age of explosive worldwide growth of electronic data storage and communications, many vital national interests require the effective protection of information. Especially when used in coordination with other tools for information security, cryptography in all of its applications, including data confidentiality, data integrity, and user authentication, is a most powerful tool for protecting information.

8.1.1 The Problem of Information Vulnerability

Because digital representations of large volumes of information are increasingly pervasive, both the benefits and the risks of digital representation have increased. The benefits are generally apparent to users of information technology—larger amounts of information, used more effectively and acquired more quickly, can increase the efficiency with which businesses operate, open up entirely new business opportunities, and play an important role in the quality of life for individuals.

The risks are far less obvious. As discussed in Chapter 1, one of the most significant risks of a digital information age is the potential vulnerability of important information as it is communicated and stored. When information is transmitted in computer-readable form, it is highly vulnerable to unauthorized disclosure or alteration:



The National Academies | 500 Fifth St. N.W. | Washington, D.C. 20001
Copyright © National Academy of Sciences. All rights reserved.
Terms of Use and Privacy Statement



Below are the first 10 and last 10 pages of uncorrected machine-read text (when available) of this chapter, followed by the top 30 algorithmically extracted key phrases from the chapter as a whole.
Intended to provide our own search engines and external engines with highly rich, chapter-representative searchable text on the opening pages of each chapter. Because it is UNCORRECTED material, please consider the following text as a useful but insufficient proxy for the authoritative book pages.

Do not use for reproduction, copying, pasting, or reading; exclusively for search engines.

OCR for page 293
Page 293 8 Synthesis, Findings, and Recommendations 8.1 SYNTHESIS AND FINDINGS In an age of explosive worldwide growth of electronic data storage and communications, many vital national interests require the effective protection of information. Especially when used in coordination with other tools for information security, cryptography in all of its applications, including data confidentiality, data integrity, and user authentication, is a most powerful tool for protecting information. 8.1.1 The Problem of Information Vulnerability Because digital representations of large volumes of information are increasingly pervasive, both the benefits and the risks of digital representation have increased. The benefits are generally apparent to users of information technology—larger amounts of information, used more effectively and acquired more quickly, can increase the efficiency with which businesses operate, open up entirely new business opportunities, and play an important role in the quality of life for individuals. The risks are far less obvious. As discussed in Chapter 1, one of the most significant risks of a digital information age is the potential vulnerability of important information as it is communicated and stored. When information is transmitted in computer-readable form, it is highly vulnerable to unauthorized disclosure or alteration:

OCR for page 293
Page 294 • Many communications are carried over channels (e.g., satellites, cellular telephones, and local area networks) that are easily tapped. Tapping wireless channels is almost impossible to detect and to stop, and tapping local area networks may be very hard to detect or stop as well. Other electronic communications are conducted through data networks that can be easily penetrated (e.g., the Internet). • Approximately 10 billion words of information in computer-readable form can be scanned for $1 today (as discussed in Chapter 1), allowing intruders, the malicious, or spies to separate the wheat from the chaff very inexpensively. For example, a skilled person with criminal intentions can easily develop a program that recognizes and records all credit card numbers in a stream of unencrypted data traffic.1 The decreasing cost of computation will reduce even further the costs involved in such searches. • Many users do not know about their vulnerabilities to the theft or compromise of information; in some instances, they are ignorant of or even complacent about them. Indeed, the insecurity of computer networks today is much more the result of poor operational practices on the part of users and poor implementations of technology on the part of product developers than of an inadequate technology base or a poor scientific understanding. In the early days of computing, the problems caused by information vulnerability were primarily the result of relatively innocent trespasses of amateur computer hackers who were motivated mostly by technical curiosity. But this is no longer true, and has not been true for some time. The fact that the nation is moving into an information age on a large scale means that a much larger number of people are likely to have strong financial, political, or economic motivations to exploit information vulnerabilities that still exist. For example, electronic interceptions and other technical operations account for the largest portion of economic and industrial information lost by U.S. corporations to foreign parties, as noted in Chapter 1. Today, the consequences of large-scale information vulnerability are potentially quite serious: • U.S. business, governmental, and individual communications are 1 The feasibility of designing a program to recognize text strings that represent credit card numbers has been demonstrated most recently by the First Virtual Corporation. See press release of February 7, 1996, "First Virtual Holdings Identifies Major Flaw in Software-Based Encryption of Credit Cards; Numbers Easily Captured by Automated Program," First Virtual Corporation, San Diego, Calif. Available on-line at http://www.fv.com/gabletxt/ release2_7_96.html.

OCR for page 293
Page 295 targets or potential targets for intelligence organizations of foreign governments, competitors, vandals, suppliers, customers, and organized crime. Businesses send through electronic channels considerable amounts of confidential information, including items such as project and merger proposals, trade secrets, bidding information, corporate strategies for expansion in critical markets, research and development information relevant to cost reduction or new products, product specifications, and expected delivery dates. Most importantly, U.S. businesses must compete on a worldwide basis. International exposure increases the vulnerability to compromise of sensitive information. Helping to defend U.S. business interests against such compromises of information is an important function of law enforcement. • American values such as personal rights to privacy are at stake. Private citizens may conduct sensitive financial transactions electronically or by telephone. Data on their medical histories, including mental illnesses, addictions, sexually transmitted diseases, and personal health habits, are compiled in the course of providing medical care. Driving records, spending patterns, credit histories, and other financial information are available from multiple sources. All such information warrants protection. • The ability of private citizens to function in an information economy is at risk. Even today, individuals suffer as criminals take over their identities and run up huge credit card bills in their names. Toll fraud on cellular telephones is so large that some cellular providers have simply terminated international connections in the areas that they serve. Inaccuracies as the result of incorrectly posted information ruin the credit records of some individuals. Protecting individuals against such problems warrants public concern and is again an area in which law enforcement and other government authorities have a role to play. • The federal government has an important stake in assuring that its important and sensitive political, economic, law enforcement, and military information, both classified and unclassified, is protected from misuse by foreign governments or other parties whose interests are hostile to those of the United States. • Elements of the U.S. civilian infrastructure such as the banking system, the electric power grid, the public switched telecommunications network, and the air traffic control system are central to so many dimensions of modern life that protecting these elements must have a high priority. Defending these assets against information warfare and crimes of theft, misappropriation, and misuse potentially conducted by hostile nations, terrorists, criminals, and electronic vandals is a matter of national security and will require high levels of information protection and strong security safeguards.

OCR for page 293
Page 296 8.1.2 Cryptographic Solutions to Information Vulnerabilities Cryptography does not solve all problems of information security; for example, cryptography cannot prevent a party authorized to view information from improperly disclosing that information. Although it is not a "silver bullet" that can stand by itself, cryptography is a powerful tool that can be used to protect information stored and communicated in digital form: cryptography can help to assure confidentiality of data, to detect unauthorized alterations in data and thereby help to maintain its integrity, and to authenticate the asserted identity of an individual or a computer system (Chapter 2). Used in conjunction with other information security measures, cryptography has considerable value in helping law-abiding citizens, businesses, and the nation as a whole defend their legitimate interests against information crimes and threats such as fraud, electronic vandalism, the improper disclosure of national security information, or information warfare. Modern cryptographic techniques used for confidentiality make it possible to develop and implement ciphers that are for all practical purposes impossible for unauthorized parties to penetrate but that still make good economic sense to use. • Strong encryption is economically feasible today. For example, many integrated circuit chips that would be used in a computer or communications device can inexpensively accommodate the extra elements needed to implement the Data Encryption Standard (DES) encryption algorithm. If implemented in software, the cost is equally low, or even lower. • Public-key cryptography can help to eliminate the expense of using couriers, registered mail, or other secure means for exchanging keys. Compared to a physical infrastructure for key exchange, an electronic infrastructure based on public-key cryptography to exchange keys will be faster and more able to facilitate secure communications between parties that have never interacted directly with each other prior to the first communication. Public-key cryptography also enables the implementation of the digital equivalent of a written signature, enabling safer electronic commerce. • Encryption can be integrated by vendors into end-user applications and hardware for the benefit of the large majority of users who do not have the technical skill to perform their own integration. Encryption can also be made automatic and transparent in ways that require no extra action on the part of the user, thus ensuring that cryptographic protection will be present regardless of user complacency or ignorance.

OCR for page 293
Page 297 8.1.3 The Policy Dilemma Posed by Cryptography The confidentiality of information that cryptography can provide is useful not only for the legitimate purposes of preventing information crimes (e.g., the theft of trade secrets or unauthorized disclosure of sensitive medical records) but also for illegitimate purposes (e.g., shielding from law enforcement officials a conversation between two terrorists planning to bomb a building). Although strong automatic encryption implemented as an integral part of data processing and communications provides confidentiality for "good guys" against "bad guys" (e.g., U.S. business protecting information against economic intelligence efforts of foreign nations), it unfortunately also protects "bad guys" against "good guys'' (e.g., terrorists evading law enforcement agencies). Under appropriate legal authorization such as a court order, law enforcement authorities may gain access to "bad guy" information for the purpose of investigating and prosecuting criminal activity. Similarly, intelligence gathering for national security and foreign policy purposes depends on having access to information of foreign governments and other foreign entities. (See Chapter 3.) Because such activities benefit our society as a whole (e.g., by limiting organized crime and terrorist activities), "bad guy" use of cryptography used for confidentiality poses a problem for society as a whole, not just for law enforcement and national security personnel. Considered in these terms, it is clear that the development and widespread deployment of cryptography that can be used to deny government access to information represents a challenge to the balance of power between the government and the individual. Historically, all governments, under circumstances that further the common good, have asserted the right to compromise the privacy of individuals (e.g., through opening mail, tapping telephone calls, inspecting bank records); unbreakable cryptography for confidentiality provides the individual with the ability to frustrate assertions of that right. The confidentiality that cryptography can provide thus creates conflicts. Nevertheless, all of the stakes described above—privacy for individuals, protection of sensitive or proprietary information for businesses and other organizations in the prevention of information crimes, ensuring the continuing reliability and integrity of nationally critical information systems and networks, law enforcement access to stored and communicated information for purposes of investigating and prosecuting crime, and national security access to information stored or communicated by foreign powers or other entities and organizations whose interests and intentions are relevant to the national security and the foreign policy interests of the United States—are legitimate. Informed public discussion of the issues must begin by acknowledging the legitimacy of both infor-

OCR for page 293
Page 298 mation security for law-abiding individuals and businesses and information gathering for law enforcement and national security purposes. A major difficulty clouding the public policy debate regarding cryptography has been that certain elements have been removed from public view due to security classification. However, for reasons noted in the preface, the cleared members of the committee (13 of its 16 members) concluded that the debate over national cryptography policy can be carried out in a reasonable manner on an unclassified basis. Although many of the details relevant to policy makers are necessarily classified, these details are not central to making policy arguments one way or the other. Classified material, while important to operational matters in specific cases, is not essential to the big picture of why policy has the shape and texture that it does today nor to the general outline of how technology will, and policy should, evolve in the future. To manage the policy dilemma created by cryptography, the United States has used a number of tools to balance the interests described above. For many years, concern over foreign threats to national security has been the primary driver of a national cryptography policy that has sought to maximize the protection of U.S. military and diplomatic communications while denying the confidentiality benefits of cryptography to foreign adversaries through the use of controls on the export of cryptographic technologies, products, and related technical information (Chapter 4). More recently, the U.S. government has aggressively promoted escrowed encryption as the technical foundation for national cryptography policy, both to serve domestic interests in providing strong protection for legitimate uses while enabling legally authorized access by law enforcement officials when warranted and also as the basis for more liberal export controls on cryptography (Chapter 5). Both escrowed encryption and export controls have generated considerable controversy. Escrowed encryption has been controversial because its promotion by the U.S. government appears to some important constituencies to assert the primacy of information access needs of law enforcement and national security over the information security needs of businesses and individuals. Export controls on cryptography have been controversial because they pit the interests of U.S. vendors and some U.S multinational corporations against some of the needs of national security. 8.1.4 National Cryptography Policy for the Information Age In a world of ubiquitous computing and communications, a concerted effort to protect the information assets of the United States is critical. While cryptography is only one element of a comprehensive approach to information security, it is nevertheless an essential element. Given the

OCR for page 293
Page 299 committee's basic charge to focus on national cryptography policy rather than national policy for information security, the essence of the committee's basic conclusion about policy is summarized by the following principle: Basic Principle: U.S. national policy should be changed to support the broad use of cryptography in ways that take into account competing U.S. needs and desires for individual privacy, international economic competitiveness, law enforcement, national security, and world leadership. In practice, this principle suggests three basic objectives for national cryptography policy: 1. Broad availability of cryptography to all legitimate elements of U.S. society. Cryptography supports the confidentiality and integrity of digitally represented information (e.g., computer data, software, video) and the authentication of individuals and computer systems communicating with other computer systems; these capabilities are important in varying degrees to protecting the information security interests of many different private and public stakeholders, including law enforcement and national security. Furthermore, cryptography can help to support law enforcement objectives in preventing information crimes such as economic espionage. 2. Continued economic growth and leadership of key U.S. industries and businesses in an increasingly global economy, including but not limited to U.S. computer, software, and communications companies. Such leadership is an integral element of national security. U.S. companies in information technology today have undeniable strengths in foreign markets, but current national cryptography policy threatens to erode these advantages. The largest economic opportunities for U.S. firms in all industries lie in using cryptography to support their critical domestic and international business activities, including international intrafirm and interfirm communications with strategic partners, cooperative efforts with foreign collaborators and researchers in joint business ventures, and real-time connections to suppliers and customers, rather than in selling information technology (Chapter 4). 3. Public safety and protection against foreign and domestic threats. Insofar as possible, communications and stored information of foreign parties whose interests are hostile to those of the United States should be accessible to U.S. intelligence agencies. Similarly, the communications and stored information of criminal elements that are a part of U.S. and global society should be available to law enforcement authorities as authorized by law (Chapter 3).

OCR for page 293
Page 300 Objectives 1 and 2 argue for a policy that actively promotes the use of strong cryptography on a broad front and that places few restrictions on the use of cryptography. Objective 3 argues that some kind of government role in the deployment and use of cryptography may continue to be necessary for public safety and national security reasons. The committee believes that these three objectives can be met within a framework recognizing that on balance, the advantages of more widespread use of cryptography outweigh the disadvantages. The committee concluded that cryptography is one important tool for protecting information and that it is very difficult for governments to control; it thus believes that the widespread nongovernment use of cryptography in the United States and abroad is inevitable in the long run. Cryptography is important because when it is combined with other measures to enhance information security, it gives end users significant control over their information destinies. Even though export controls have had a nontrivial impact on the worldwide spread of cryptography in previous years, over the long term cryptography is difficult to control because the relevant technology diffuses readily through national boundaries; export controls can inhibit the diffusion of products with encryption capabilities but cannot contain the diffusion of knowledge (Chapter 4). The spread of cryptography is inevitable because in the information age the security of information will be as important in all countries as other attributes valued today, such as the reliability and ubiquity of information. Given the inevitability that cryptography will become widely available, policy that manages how cryptography becomes available can help to mitigate the deleterious consequences of such availability. Indeed, governments often impose regulations on various types of technology that have an impact on the public safety and welfare, and cryptography may well fall into this category. National policy can have an important effect on the rate and nature of the transition from today's world to that of the long-term future. Still, given the importance of cryptography to a more secure information future and its consequent importance to various dimensions of economic prosperity, policy actions that inhibit the use of cryptography should be scrutinized with special care. The committee's policy recommendations are intended to facilitate a judicious transition between today's world of high information vulnerability and a future world of greater information security, while to the extent possible meeting government's legitimate needs for information gathering for law enforcement, national security, and foreign policy purposes. National cryptography policy should be expected to evolve over time in response to events driven by an era of rapid political, technological, and economic change.

OCR for page 293
Page 301 The committee recognizes that national cryptography policy is intended to address only certain aspects of a much larger information security problem faced by citizens, businesses, and government. Nevertheless, the committee found that current national policy is not adequate to support the information security requirements of an information society. Cryptography is an important dimension of information security, but current policy discourages the use of this important tool in both intentional and unintentional ways, as described in Chapters 4 and 6. For example, through the use of export controls, national policy has explicitly sought to limit the use of encryption abroad but has also had the effect of reducing the domestic availability of products with strong encryption capabilities to businesses and other users. Furthermore, government action that discourages the use of cryptography contrasts sharply with national policy and technological and commercial trends in other aspects of information technology. Amidst enormous changes in the technological environment in the past 20 years, today the federal government actively pursues its vision of a national information infrastructure, and the use of computer and communications technology by private parties is growing rapidly. The committee believes that a mismatch between the speed at which the policy process moves and the speed with which new products develop has had a profound impact on the development of the consensus necessary with respect to cryptography policy (Chapters 4 and 6). This mismatch has a negative impact on both users and vendors. For example, both are affected by an export control regime that sometimes requires many months or even years to make case-by-case decisions on export licensing, while high-value sales to these users involving integrated products with encryption capabilities can be negotiated and consummated on a time scale of days or weeks. Since the basic knowledge underlying cryptography is well known, cryptographic functionality can be implemented into new products on the time scale of new releases of products (several months to a year). Both users and vendors are affected by the fact that significant changes in the export control regulations governing cryptography have not occurred for 4 years (since 1992) at a time when needs for information security are growing, a period that could have accommodated several product cycles. Promulgation of cryptographic standards not based on commercial acceptability (e.g., the Escrowed Encryption Standard (FIPS 185), the Digital Signature Standard (FIPS 180-1)) raised significant industry opposition (from both vendors and users) and led to controversy and significant delays in or outright resistance to commercial adoption of these standards. These examples suggest that the time scales on which cryptography policy is made and is operationally implemented are incompatible with

OCR for page 293
Page 302 the time scales of the marketplace. A more rapid and market-responsive decision-making process would leverage the strengths of U.S. businesses in the international marketplace before significant foreign competition develops. As is illustrated by the shift in market position from IBM to Microsoft in the 1980s, the time scale on which significant competition can arise is short indeed. Attempts to promote a policy regime that runs against prevailing commercial needs, practice, and preference may ultimately result in a degree of harm to law enforcement and national security interests far greater than what would have occurred if a more moderate regime had been promoted in the first place. The reason is that proposed policy regimes that attempt to impose market-unfriendly solutions will inevitably lead to resistance and delay; whether desirable or not, this is a political reality. Responsible domestic businesses, vendors, and end users are willing to make some accommodations to U.S. national interests in law enforcement and national security, but cannot be expected to do so willingly when those accommodations are far out of line with the needs of the market. Such vendors and users are likely to try to move ahead on their own—and quickly so—if they believe that government requirements are not reasonable. Moreover, foreign vendors may well attempt to step into the vacuum. The bottom line is that the U.S. government may have only a relatively small window of time in which to influence the deployment of cryptography worldwide. The committee also notes that the public debate has tended to draw lines that divide the policy issues in an overly simplistic manner, i.e., setting the privacy of individuals and businesses against the needs of national security and law enforcement. As observed above, such a dichotomy does have a kernel of truth. But viewed in the large, the dichotomy as posed is misleading. If cryptography can protect the trade secrets and proprietary information of businesses and thereby reduce economic espionage (which it can), it also supports in a most important manner the job of law enforcement. If cryptography can help protect nationally critical information systems and networks against unauthorized penetration (which it can), it also supports the national security of the United States. Framing national cryptography policy in this larger context would help to reduce some of the polarization among the relevant stakeholders. Finally, the national cryptography policy of the United States is situated in an international context, and the formulation and implementation of U.S. policy must take into account international dimensions of the problem if U.S. policy is to be successful. These international dimensions, discussed in Chapter 6 and Appendix G, include the international scope of business today; the possibility of significant foreign competition in

OCR for page 293
Page 303 information technology; an array of foreign controls on the export, import, and use of cryptography; important similarities in the interests of the United States and other nations in areas such as law enforcement and antiterrorist activities; and important differences in other areas such as the relationship between the government and the governed. 8.2 RECOMMENDATIONS The recommendations below address several critical policy areas. Each recommendation is cast in broad terms, with specifically actionable items identified for each when appropriate. In accordance with the committee's finding that the broad picture of cryptography policy can be understood on an unclassified basis, no findings or recommendations were held back on the basis of classification, and this report is unclassified in its entirety. Recommendation 1: No law should bar the manufacture, sale, or use of any form of encryption within the United States. This recommendation is consistent with the position of the Clinton Administration that legal prohibitions on the domestic use of any kind of cryptography are inappropriate,2 and the committee endorses this aspect of the Administration's policy position without reservation. For technical reasons described in Chapter 7, the committee believes that a legislative ban on the use of unescrowed encryption would be largely unenforceable. Products using unescrowed encryption are in use today by millions of users, and such products are available from many difficult-to-censor Internet sites abroad. Users could pre-encrypt their data, using whatever means were available, before their data were accepted by an escrowed encryption device or system. Users could store their data on remote computers, accessible through the click of a mouse but otherwise unknown to anyone but the data owner; such practices could occur quite legally even with a ban on the use of unescrowed encryption. Knowledge of strong encryption techniques is available from official U.S. government publications and other sources worldwide, and experts understanding how to use such knowledge might well be in high demand from criminal elements. Even demonstrating that a given communication or data file is "encrypted" may be difficult to prove, as algo- 2 For example, see "Questions and Answers About the Clinton Administration's Encryption Policy," February 4, 1994. Reprinted in David Banisar (ed.), 1994 Cryptography and Privacy Sourcebook, Electronic Privacy Information Center, Washington, D.C., 1994.

OCR for page 293
Page 330 Second, because of the ease with which escrowed encryption can be circumvented technically, it is not at all clear that escrowed encryption will be a real solution to the most serious problems that law enforcement authorities will face. Administration officials freely acknowledge that their various initiatives promoting escrowed encryption are not intended to address all criminal uses of encryption, but in fact those most likely to have information to conceal will be motivated to circumvent escrowed encryption products. Third, information services and technologies are undergoing rapid evolution and change today, and nearly all technology transitions are characterized by vendors creating new devices and services. Imposing a particular solution to the encryption dilemma at this time is likely to have a significant negative impact on the natural market development of applications made possible by new information services and technologies. While the nation may choose to bear these costs in the future, it is particularly unwise to bear them in anticipation of a large-scale need that may not arise and in light of the nation's collective ignorance about how escrowed encryption would work on a large scale. Fourth and most importantly, not enough is yet known about how the market will respond to the capabilities provided by escrowed encryption, nor how it will prefer the concept to be implemented, if at all. Given the importance of market forces to the long-term success of national cryptography policy, a more prudent approach to policy would be to learn more about how in fact the market will respond before advocating a specific solution driven by the needs of government. For these reasons, the committee believes that a policy of deliberate exploration of the concept of escrowed encryption is better suited to the circumstances of today than is the current policy of aggressive promotion. The most appropriate vehicle for such an exploration is, quite naturally, government applications. Such exploration would enable the U.S. government to develop and document the base of experience on which to build a more aggressive promotion of escrowed encryption should circumstances develop in such a way that encrypted communications come to pose a significant problem for law enforcement. This base would include significant operating experience, a secure but responsive infrastructure for escrowing keys, and devices and products for escrowed encryption whose unit costs have been lowered as the result of large government purchases. In the future, when experience has been developed, the U.S. government, by legislation and associated regulation, will have to clearly specify the responsibilities, obligations, and liabilities of escrow agents (Chapter 5). Such issues include financial liability for the unauthorized release or negligent compromise of keys, criminal penalties for the deliberate and

OCR for page 293
Page 331 knowing release of keys to an unauthorized party, statutory immunization of users of escrowed encryption against claims of liability that might result from the use of such encryption, and the need for explicit legal authorization for key release. Such legislation (and regulations issued pursuant to such legislation) should allow for and, when appropriate, distinguish among different types of escrow agents, including organizations internal to a user company, private commercial firms for those firms unwilling or unable to support internal organizations for key holding, and government agencies. Such government action is a necessary (but not sufficient) condition for the growth and spread of escrowed encryption in the private sector. Parties whose needs may call for the use of escrowed encryption will need confidence in the supporting infrastructure before they will entrust encryption keys to the safekeeping of others. Moreover, if the government is to actively promote the voluntary use of escrowed encryption in the future, it will need to convince users that it has taken into account their concerns about compromise and abuse of escrowed information. The best way to convince users that these agents will be able to live up to their responsibilities is to point to a body of experience that demonstrates their ability to do so. In a market-driven system, this body of experience will begin to accrue in small steps—some in small companies, some in bigger ones—rather than springing up fully formed across the country in every state and every city. As this body of experience grows, government will have the ability to make wise decisions about the appropriate standards that should govern escrow agents. In addition, the U.S. government should pursue discussions with other nations on how escrowed encryption might operate internationally (Appendix G). The scope of business and law enforcement today crosses national borders, and a successful U.S. policy on cryptography will have to be coordinated with policies of other nations. Given that the developed nations of the world have a number of common interests (e.g., in preserving authorized law enforcement access to communications, in protecting the information assets of their domestic businesses), the process begun at the Organization for Economic Cooperation and Development in December 1995 is a promising forum in which these nations can bring together representatives from business, law enforcement, and national security to discuss matters related to cryptography policy over national borders. Fruitful topics of discussion might well include how to expand the network of Mutual Law Enforcement Assistance Treaties that bind the United States and other nations to cooperate on law enforcement matters. Broader cooperation should contribute to the sharing of information regarding matters that involve the criminal use of encryption; national policies that encourage the development and export of ''escrowable" encryp-

OCR for page 293
Page 332 tion products; understanding of how to develop a significant base of actual experience in operating a system of escrowed encryption for communications across national borders; and the negotiation of sector-specific arrangements (e.g., a specific set of arrangements for banks) that cross international boundaries. Recommendation 5.4—Congress should seriously consider legislation that would impose criminal penalties on the use of encrypted communications in interstate commerce with the intent to commit a federal crime. The purpose of such a statute would be to discourage the use of cryptography for illegitimate purposes. Criminalizing the use of cryptography in this manner would provide sanctions analogous to the existing mail fraud statutes, which add penalties to perpetrators of fraud who use the mail to commit their criminal acts. Such a law would focus the weight of the criminal justice system on individuals who were in fact guilty of criminal activity, whereas a mandatory prohibition on the use of cryptography would have an impact on law-abiding citizens and criminals alike. A concern raised about the imposition of penalties based on a peripheral aspect of a criminal act is that it may be used to secure a conviction even when the underlying criminal act has not been accomplished. The statute proposed for consideration in Recommendation 5.4 is not intended for this purpose, although the committee understands that it is largely the integrity of the judicial and criminal justice process that will be the ultimate check on preventing its use for such purposes. As suggested in Chapter 7, any statute that criminalizes the use of encryption in the manner described in Recommendation 5.4 should be drawn narrowly. The limitation of Recommendation 5.4 to federal crimes restricts its applicability to major crimes that are specifically designated as such; it does not extend to the much broader class of crimes that are based on common law. Under Recommendation 5.4, federal jurisdiction arises from the limitation regarding the use of communications in interstate commerce. The focus of Recommendation 5.4 on encrypted communications recognizes that private sector parties have significant incentives to escrow keys used for encrypting stored data, as described in Recommendation 5.3. A statute based on Recommendation 5.4 should also make clear that speaking in foreign languages unknown to many people would not fall within its reach. Finally, the use of "encrypted" communications should be limited to communications encrypted for confidentiality purposes, not for user authentication or data integrity purposes. The drafters of the statute would also have to anticipate other potential sources of ambiguity such as the use of data compression techniques that also ob-

OCR for page 293
Page 333 scure the true content of a communication and the lack of a common understanding of what it means to "use encrypted communications" when encryption may be a ubiquitous and automatic feature in a communications product. Finally, the committee recognizes the existence of debate over the effectiveness of laws targeted against the use of certain mechanisms (e.g., mail, guns) to commit crimes. Such a debate should be part of a serious consideration of a law such as that described in Recommendation 5.4. However, the committee is not qualified to resolve this debate, and the committee takes no position on this particular issue. A second aspect of a statutory approach to controlling the socially harmful uses of encryption could be to expand its scope to include the criminalization of the intentional use of cryptography in the concealment of a crime. With such an expanded scope, the use of cryptography would constitute a prima facie act of concealment, and thus law enforcement officials would have to prove only that cryptography was used intentionally to conceal a crime. On the other hand, its more expansive scope might well impose additional burdens on businesses and raise other concerns, and so the committee takes no stand on the desirability of such an expansion of scope. The committee notes the fundamental difference between Recommendation 5.4 and Recommendation 1. Recommendation 1 says that the use of any type of encryption within the United States should be legal, but not that any use of encryption should be legal. Recommendation 5.4 says that the nation should consider legislation that would make illegal a specific use of encryption (of whatever type), namely the use of encrypted communications in interstate commerce with the intent of committing a federal crime. Recommendation 5.5—High priority should be given to research, development, and deployment of additional technical capabilities for law enforcement and national security for use in coping with new technological challenges. Over the past 50 years, both law enforcement and national security authorities have had to cope with a variety of changing technological circumstances. For the most part, they have coped with these changes quite well. This record of adaptability provides considerable confidence that they can adapt to a future of digital communications and stored data as well, and they should be strongly supported in their efforts to develop new technical capabilities. Moreover, while the committee's basic thrust is toward a wider use of cryptography throughout society, considerable time can be expected to

OCR for page 293
Page 334 elapse before cryptography is truly ubiquitous. For example, Recommendation 4.1 is likely to accelerate the widespread use of DES, but market forces will still have the dominant effect on its spread. Even if export controls were removed tomorrow, vendors would still take time to decide how best to proceed, and the use of DES across the breadth of society will take even longer. Thus, law enforcement and national security authorities have a window in which to develop new capabilities for addressing future challenges. Such development should be supported, because effective new capabilities are almost certain to have a greater impact on their future information collection efforts than will aggressive attempts to promote escrowed encryption to a resistant market. An example of such support would be the establishment of a technical center for helping federal, state, and local law enforcement authorities with technical problems associated with new information technologies.10 Such a center would of course address the use by individuals of unescrowed encryption in the commission of criminal acts, because capabilities to deal with this problem will be necessary whether or not escrowed encryption is widely deployed. Moreover, for reasons of accessibility and specific tailoring of expertise to domestic criminal matters, it is important for domestic law enforcement to develop a source of expertise on the matter. A second problem of concern to law enforcement authorities is obtaining the digital stream carrying the targeted communications. The task of isolating the proper digital stream amidst multiple applications and multiplexed channels will grow more complex as the sophistication of applications and technology increases, and law enforcement authorities will need to have (or procure) considerable technical skill to extract useful information out of the digital streams involved. These skills will need to be at least as good as those possessed by product vendors. Compared to the use of NSA expertise, a technical center for law enforcement would have a major advantage in being dedicated to serving law enforcement needs, and hence its activities and expertise relevant to prosecution would be informed and guided by the need to discuss analytical methods in open court without concern for classification. Moreover, such a center could be quite useful to state and local law enforcement authorities who currently lack the level of access to NSA expertise accorded the Federal Bureau of Investigation (FBI). 10 This example is consistent with the FBI proposal for a Technical Support Center (TSC) to serve as a central national law enforcement resource to address problems related to encryption and to technological problems with an impact on access to electronic communications and stored information. The FBI proposes that a TSC would provide law enforcement with capabilities in signals analysis (e.g., protocol recognition), mass media analysis (e.g., analysis of seized computer media), and cryptanalysis on encrypted data communications or files.

OCR for page 293
Page 335 National security authorities recognize quite clearly that future capabilities to undertake traditional signals intelligence will be severely challenged by the spread of encryption and the introduction of new communications media. In the absence of improved cryptanalytic methods, cooperative arrangements with foreign governments, and new ways of approaching the information collection problem, losses in traditional signals intelligence capability would likely result in a diminished effectiveness of the U.S. intelligence community. To help ensure the continuing availability of strategic and tactical intelligence, efforts to develop alternatives to traditional signals intelligence collection techniques should be given high priority in the allocation of financial and personnel resources before products covered by Recommendation 4.1 become widely used. Recommendation 6: The U.S. government should develop a mechanism to promote information security in the private sector. Although the committee was asked to address national cryptography policy, any such policy is necessarily only one component of a national information security policy. Without a forward-looking and comprehensive national information security policy, changes in national cryptography policy may have little operational impact on U.S. information security. Thus, the committee believes it cannot leave unaddressed the question of a national information security policy, although it recognizes that it was not specifically chartered with such a broad issue in mind. The committee makes Recommendation 6 based on the observation that the U.S. government itself is not well organized to meet the challenges posed by an information society. Indeed, no government agency has the responsibility to promote information security in the private sector. The information security interests of most of the private sector have no formal place at the policy-making table: the National Security Agency represents the classified government community, while the charter of the National Institute of Standards and Technology directs it to focus on the unclassified needs of the government (and its budget is inadequate to do more than that). Other organizations such as the Information Infrastructure Task Force and the Office of Management and Budget have broad influence but few operational responsibilities. As a result, business and individual stakeholders do not have adequate representation in the development of information security standards and export regimes. For these reasons, the nation requires a mechanism that will provide accountability and focus for efforts to promote information security in the private sector. The need for information security cuts across many dimensions of the economy and the national interest, suggesting that absent

OCR for page 293
Page 336 a coordinated approach to promoting information security, the needs of many stakeholders may well be given inadequate attention and notice. The importance of close cooperation with the private sector cannot be overemphasized. While the U.S. government has played an important role in promoting information security in the past (e.g., in its efforts to promulgate DES, its stimulation of a market for information security products through the government procurement process, its outreach to increase the level of information security awareness regarding Soviet collection attempts, and the stimulation of national debate on this critical subject), information security needs in the private sector in the information age will be larger than ever before (as argued in Recommendation 3). Thus, close consultations between government and the private sector are needed before policy decisions are made that affect how those needs can be addressed. Indeed, many stakeholders outside government have criticized what they believe to be an inadequate representation of the private sector at the decision-making table. While recognizing that some part of such criticism simply reflects the fact that these stakeholders did not get all that they wanted from policy makers, the committee believes that the policy-making process requires better ways for representing broadly both government and nongovernment interests in cryptography policy. Those who are pursuing enhanced information security and those who have a need for legal access to stored or communicated information must both be included in a robust process for managing the often-competing issues and interests that will inevitably arise over time. How might the policy-making process include better representation of nongovernment interests? Experiences in trade policy suggest the feasibility of private sector advisors, who are often needed when policy cuts across many functional and organizational boundaries and interests both inside and outside government. National policy on information security certainly falls into this cross-cutting category, and thus it might make sense for the government to appoint parties from the private sector to participate in government policy discussions relevant to export control decisions and/or decisions that affect the information security interests of the private sector. Despite the committee's conclusion that the broad outlines of national cryptography policy can be argued on an unclassified basis, classified information may nevertheless be invoked in such discussions and uncleared participants asked to leave the room. To preclude this possibility, these individuals should have the clearances necessary to engage as full participants in order to promote an effective interchange of views and perspectives. While these individuals would inevitably reflect the interests of the organizations from which they were drawn, their essential role would be to present to the government their best technical

OCR for page 293
Page 337 and policy advice, based on their expertise and judgment, on how government policy would best serve the national interest. How and in what areas should the U.S. government be involved in promoting information security? One obvious category of involvement is those areas in which the secure operation of information systems is critical to the nation's welfare—information systems that are invested with the public trust, such as those of the banking and financial system, the public switched telecommunications network, the air traffic control system, and extensively automated utilities such as the electric power grid. Indeed, the U.S. government is already involved to some extent in promoting the security of these systems, and these efforts should continue and even grow. In other sectors of the economy, the committee sees no particular reason for government involvement in areas in which businesses are knowledgeable (e.g., their own operational practices, their own risk-benefit assessments), and the role of the U.S. government is most properly focused on providing information and expertise that are not easily available to the private sector. Specifically, the government should build on existing private-public partnerships and private sector efforts in disseminating information (e.g., the Forums of Incident Response and Security Teams (FIRST), the Computer Emergency Response Team (CERT), the I-4 group, the National Counterintelligence Center) to take a vigorous and proactive role in collecting and disseminating information to promote awareness of the information security threat. For illustrative purposes only, some examples follow. The government might: • Establish mechanisms in which the sharing of sanitized securityrelated information (especially information related to security breaches) could be undertaken without disadvantaging the companies that reveal such information. Such efforts might well build on efforts in the private sector to do the same thing. • Undertake a program to brief senior management in industry on the information security threat in greater detail than is usually possible in open forums but without formal security clearances being required for those individuals. Such briefings would mean that specific threat information might have to be declassified or treated on a "for official use only" basis. • Expand the NIST program that accredits firms to test products involving cryptography for conformance to various Federal Information Processing Standards. As of this writing, three private companies today have been accredited to evaluate and certify compliance of products claiming to conform to FIPS 140-1, the FIPS for cryptographic modules; both

OCR for page 293
Page 338 the range of FIPSs subject to such evaluation and the number of certifying companies could be increased. • Help industry to develop common understandings regarding cryptography and information security standards that would constitute fair defenses against damages. These common understandings would help to reduce uncertainty over liability and "responsible practice." • Undertake technology transfer efforts that would help the private sector to use powerful and capable authentication technologies developed by government. As noted elsewhere in this section, authentication is an application of cryptography that poses a minimal public policy dilemma, and so the use of such government-developed technology should not be particularly controversial. Finally, in describing the need for a mechanism to promote information security in the private sector, the committee does not make a recommendation on its specific form because its charter did not call for it to address the question of government organization. As discussed in Chapter 7, such a mechanism could be a new coordinating office for information security in the Executive Office of the President. It could be one or more existing agencies or organizations with a new charter or set of responsibilities. It could be a new government agency or organization, although in the current political climate such an agency would demand the most compelling justification. It could be a quasi-governmental body or a governmentally chartered private organization, examples of which are described in Chapter 6. Because of NSA's role within the defense and intelligence communities and its consequent concern about defense and intelligence threats and systems, the committee believes the NSA is not the proper agency to assume primary responsibility for a mission that is primarily oriented toward the needs of the private sector. At the same time, experts from all parts of the U.S. government should be encouraged to assist in analyzing vulnerabilities; if such assistance requires new legislative authority, such authority should be sought from Congress. 8.3 ADDITIONAL WORK NEEDED The committee recognizes that a number of important areas were outside the scope of this study. Two of these areas are described below: • As noted in Chapter 2, the creation of an infrastructure (or infrastructures) to support user authentication is a central aspect of any widespread use of various forms of cryptography. The nature of these infrastructures is a matter of public policy; however, since the committee was concerned primarily with addressing issues related to cryptographic con-

OCR for page 293
Page 339 fidentiality, it did not address infrastructure issues in the depth that would be necessary to provide detailed advice to federal decision makers. • As noted in Chapter 7 and discussed in Appendix L, digital cash and electronic money pose many issues for public policy. These issues considerably transcend what could be examined within the scope of the current study. Although the committee realized that these areas were important, an in-depth study in each would require a committee with a different membership, a different charge, and a different time line. Problems in these areas will become relevant in the near future, and policy makers may wish to anticipate them by commissioning additional examination. 8.4 CONCLUSION The committee believes that its recommendations will lead to enhanced confidentiality and protection of information for individuals and companies, thereby reducing economic and financial crimes and economic espionage from both domestic and foreign sources. While the recommendations will to that extent contribute to the prevention of crime and enhance national security, the committee recognizes that the spread of cryptography will increase the burden of those in government charged with carrying out certain specific law enforcement and intelligence activities. It believes that widespread commercial and private use of cryptography in the United States and abroad is inevitable in the long run and that its advantages, on balance, outweigh its disadvantages. The committee concluded that the overall interests of the government and the nation would best be served by a policy that fosters a judicious transition toward the broad use of cryptography.

OCR for page 293